[prev in list] [next in list] [prev in thread] [next in thread] 

List:       vol-users
Subject:    [Vol-users] searching registries - Thank You All
From:       dragonforen () hotmail ! com (Mike Lambert)
Date:       2012-05-17 7:53:40
Message-ID: SNT118-W38BE5B465D9761EF91A05AE190 () phx ! gbl
[Download RAW message or body]


David, Glenn, Jamie, Andrew and Mark,
 
Thank you all for your suggestions!! I have several options for people to open dead \
registries that do not have forensic tools.  
Have a great day all!
 
Mike
 

> Date: Tue, 15 May 2012 21:48:50 -0500
> Subject: Re: [Vol-users] searching registries
> From: atcuno@gmail.com
> To: jamie.levy@gmail.com
> CC: dragonforen@hotmail.com; vol-users-bounces@volatilesystems.com; \
> hiddenillusion@gmail.com; vol-users@volatilesystems.com 
> Registry Decoder will definitely do what you want. Just process the
> hives in it, and then you can a search (either standard or with
> wildcards) and you can limit to just keys, names, or values, and you
> can also filter by last write time. You will immediately get tabs
> generated for all the hits, and then you can get them automatically
> reported into a number of formats. For more information, please see
> the instructions file in the downloads section of the website.
> 
> On Tue, May 15, 2012 at 9:23 PM, Jamie Levy <jamie.levy@gmail.com> wrote:
> > I think Registry Decoder would be useful for you:
> > 
> > http://www.digitalforensicssolutions.com/registrydecoder/
> > 
> > 
> > 
> > -----Original Message-----
> > From: Mike Lambert <dragonforen@hotmail.com>
> > Sender: vol-users-bounces@volatilesystems.com
> > Date: Tue, 15 May 2012 20:31:17
> > To: <hiddenillusion@gmail.com>
> > Cc: Volatility List<vol-users@volatilesystems.com>
> > Subject: RE: [Vol-users] searching registries
> > 
> > _______________________________________________
> > Vol-users mailing list
> > Vol-users@volatilesystems.com
> > http://lists.volatilesystems.com/mailman/listinfo/vol-users
> > 
> > 
> > _______________________________________________
> > Vol-users mailing list
> > Vol-users@volatilesystems.com
> > http://lists.volatilesystems.com/mailman/listinfo/vol-users
 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.volatilesystems.com/pipermail/vol-users/attachments/20120517/c3709518/attachment.html



[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic